Does this skill parse .burp files natively?

No, it delegates parsing to Burp Suite Professional and requires the burpsuite-project-file-parser extension to be installed.

Can I use regex to search for vulnerabilities?

Yes, you can use regex patterns to search specifically within response headers or bodies to find indicators of vulnerabilities like CORS misconfigurations or leaked credentials.

Which operating systems are supported?

The skill is compatible with both macOS and Windows, provided the BURP_JAVA and BURP_JAR environment variables are correctly configured.

How does the skill handle very large Burp project files?

The skill enforces mandatory truncation rules, such as limiting response bodies to 1000 characters and using sub-component filters to prevent gigabytes of data from entering the context window.

Do I need Burp Suite Professional to use this skill?

Yes, Burp Suite Professional must be installed as it provides the underlying engine for reading and processing project files.

Burp Suite Project Parser

Name: Burp Suite Project Parser
Author: trailofbits

bytrailofbits

•

938

•

보안 및 테스팅

Searches and extracts security data from Burp Suite project files using regex patterns and command-line tools.

This skill enables Claude to interact with Burp Suite Professional project files (.burp) via the command line, facilitating advanced security research and audit workflows. It allows for regex-based searching of request/response headers and bodies, extraction of security findings (audit items), and targeted analysis of proxy history or site maps. By delegating parsing to the Burp Suite engine through a specialized extension, it provides a powerful way to automate the triage of vulnerabilities and explore captured HTTP traffic directly within the development environment while maintaining strict output limits for performance.

주요 기능

01Sub-component filtering to retrieve specific data like site maps or proxy history

02Regex-based searching across HTTP request/response headers and bodies

03Safety-first output truncation to prevent context window overflow

04Extraction of security audit items with severity and confidence filtering

05Standardized JSON output compatible with jq for complex data processing

06938 GitHub stars

사용 사례

01Triaging high-severity findings from automated Burp Suite security scans

02Searching proxy history for specific server signatures or sensitive data patterns

03Mapping an application's attack surface by extracting unique URLs from a site map

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trailofbits/skills skills

For use in Claude.ai and ChatGPT

Download Skill